Are you a long-time Dropbox user? Best change your password now
User details of almost 70 million accounts have been spilled online
Dropbox has confirmed that a huge set of user details is available online, thanks to a security breach which happened back in 2012 – and therefore users of the service who signed up before the middle of that year need to change their passwords.
Last week, these long-time users of Dropbox were advised to change their password "purely as a preventive measure" – if they hadn't changed it since 2012 – and now the reason for that move has emerged, with the company confirming that the details of some 68 million users have been compromised.
Those details comprise of email addresses of account owners plus hashed and salted passwords.
Dropbox said it believed this leak can be traced back to an incident made public in July 2012 where an employee's account was accessed using a stolen password, and that staff account contained a document with user email addresses (although there was no mention of passwords at the time).
Password prompting
If you're affected, the next time you login to Dropbox, you'll be prompted to update your password and select a new one for obvious reasons. So if you've not logged on for some time, best scurry off and do that now. (At any rate, you should have already received a message from the company prompting you to do so).
And if you reused that Dropbox password anywhere else (which is of course terrible security practice precisely because of incidents such as these), then go and change those accounts as well. And think about getting yourself a password manager…
Dropbox said it doesn't believe any of the accounts in question have actually been accessed by an outsider, based on its threat monitoring processes and the strong security measures applied to the passwords.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Users may well want to consider switching on two-step verification for their Dropbox account – and indeed for all important online accounts where it's available – so even if a malicious party does manage to crack a password spilled by a breach, they still won't be able to break into your account.
Via: PC World
- This is why we'd all rather use our bodies than passwords
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).